Re: Securing Fedora Core 4
From: Glynn Clements (glynn_at_gclements.plus.com)
Date: 09/25/05
- Previous message: Joachim Schipper: "Re: Securing Fedora Core 4"
- In reply to: AragonX: "Re: Securing Fedora Core 4"
- Next in thread: Martijn Feleus: "Re: Securing Fedora Core 4"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Sun, 25 Sep 2005 01:44:16 +0100 To: "AragonX" <aragonx@dcsnow.com>
AragonX wrote:
> Well, the offices that I will be setting up are rather small and I can't
> convince them to separate the services to multiple machines.
>
> So basically, the servers will have to do everything. Email, web,
> firewall, gateway, file & print. Those are the tasks it will have to
> perform.
> Email and web are the services that will be available to the Internet.
The public web server should definitely be a separate box, especially
if it has any kind of CGI or scripting capability (i.e. mod_cgi,
mod_perl, mod_php etc), and it shouldn't be given any trust (i.e. any
firewall rules or access lists which distinguish between "internal"
and "external" systems should treat the web server as external).
Rule #1 of running a web server: assume that it is going to get
compromised occasionally. Obviously, you try to prevent that, but
don't assume that you will be entirely successful.
-- Glynn Clements <glynn@gclements.plus.com>
- Previous message: Joachim Schipper: "Re: Securing Fedora Core 4"
- In reply to: AragonX: "Re: Securing Fedora Core 4"
- Next in thread: Martijn Feleus: "Re: Securing Fedora Core 4"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
